fastpass-cli 0.2.2 → 0.2.4

package/package.json

@@ -1,10 +1,10 @@
 {
   "name": "fastpass-cli",
-  "version": "0.2.2",
+  "version": "0.2.4",
   "description": "Cloudflare Access in 60 seconds.",
   "type": "module",
   "bin": {
-    "fastpass-cli": "./bin/fastpass.js"
+    "fastpass-cli": "./bin/fastpass-cli.js"
   },
   "files": [
     "bin/",

package/src/cli.js

@@ -27,6 +27,7 @@ export function run() {
     .description('Protect a domain with Cloudflare Access')
     .option('--auth <method>', 'Auth method(s): email, github, google (comma-separated for multiple)')
     .option('--allow <rule>', 'Who can access: email, *@domain.com, or "everyone"')
+    .option('--hidden', 'Hide email addresses from terminal output')
     .action(async (domain, opts) => {
       printBanner();
       const creds = await getCredentials();
@@ -86,6 +87,6 @@ export function run() {
 
 function printBanner() {
   console.log('');
-  console.log(`  ${pc.bold('fastpass')}: protect your app in 60 seconds`);
+  console.log(`  ${pc.bold('fastpass-cli')}: protect your app in 60 seconds`);
   console.log('');
 }

package/src/commands/list.js

@@ -14,7 +14,7 @@ export async function list(api) {
 
     if (!result?.length) {
       console.log(pc.dim('\n  No Access applications found.\n'));
-      console.log(`  Run ${pc.cyan('fastpass protect <domain>')} to get started.\n`);
+      console.log(`  Run ${pc.cyan('fastpass-cli protect <domain>')} to get started.\n`);
       return;
     }
 

package/src/commands/protect.js

@@ -1,5 +1,5 @@
 import pc from 'picocolors';
-import { input, select, confirm } from '@inquirer/prompts';
+import { input, password, select, confirm } from '@inquirer/prompts';
 import { getTeamName } from '../auth.js';
 import { ensureEmailOtp } from '../idp/email-otp.js';
 import { ensureGitHub } from '../idp/github.js';
@@ -39,8 +39,8 @@ export async function protect(api, opts = {}) {
     const existing = await checkExistingApp(api, domain.trim());
     if (existing) {
       console.log(`\n  ${pc.yellow('This domain is already protected by Access.')}\n`);
-      console.log(`  Run ${pc.cyan(`fastpass inspect ${domain.trim()}`)} to view its configuration.`);
-      console.log(`  Run ${pc.cyan(`fastpass remove ${domain.trim()}`)} to remove it first.\n`);
+      console.log(`  Run ${pc.cyan(`fastpass-cli inspect ${domain.trim()}`)} to view its configuration.`);
+      console.log(`  Run ${pc.cyan(`fastpass-cli remove ${domain.trim()}`)} to remove it first.\n`);
       return;
     }
 
@@ -61,7 +61,7 @@ export async function protect(api, opts = {}) {
     console.log('');
 
     // Resolve who gets access
-    const { include, includeType } = await resolveAccess(opts.allow);
+    const { include, includeType } = await resolveAccess(opts.allow, opts.hidden);
     console.log('');
 
     // Get team name for OAuth callback URLs
@@ -84,7 +84,9 @@ export async function protect(api, opts = {}) {
     const policyInclude = buildIncludeRules(include, includeType);
 
     // Describe access for the summary
-    const accessLabel = describeAccess(include, includeType);
+    const accessLabel = (opts.hidden && includeType === 'emails')
+      ? pc.dim('(hidden)')
+      : describeAccess(include, includeType);
 
     // Show confirmation summary (skip when all CLI flags provided)
     const allFlagsProvided = opts.domain && opts.auth && opts.allow;
@@ -133,8 +135,8 @@ export async function protect(api, opts = {}) {
       s.fail(`Failed to create Access application for ${pc.bold(domain.trim())}`);
       if (err instanceof ApiError && err.message.includes('application_already_exists')) {
         console.log(`\n  ${pc.yellow('This domain is already protected by Access.')}\n`);
-        console.log(`  Run ${pc.cyan(`fastpass inspect ${domain.trim()}`)} to view its configuration.`);
-        console.log(`  Run ${pc.cyan(`fastpass remove ${domain.trim()}`)} to remove it first.\n`);
+        console.log(`  Run ${pc.cyan(`fastpass-cli inspect ${domain.trim()}`)} to view its configuration.`);
+        console.log(`  Run ${pc.cyan(`fastpass-cli remove ${domain.trim()}`)} to remove it first.\n`);
         return;
       }
       throw err;
@@ -171,7 +173,7 @@ export async function validateDomain(api, domain) {
   }
 }
 
-export async function resolveAccess(allowFlag) {
+export async function resolveAccess(allowFlag, hidden) {
   // If --allow flag was passed, parse it
   if (allowFlag) {
     if (allowFlag.startsWith('*@')) {
@@ -187,6 +189,8 @@ export async function resolveAccess(allowFlag) {
     return { include: allowFlag.split(',').map((e) => e.trim()), includeType: 'emails' };
   }
 
+  const emailPrompt = hidden ? password : input;
+
   // Interactive
   const accessType = await select({
     message: 'Who should have access?',
@@ -195,7 +199,7 @@ export async function resolveAccess(allowFlag) {
 
   switch (accessType) {
     case 'me': {
-      const email = await input({
+      const email = await emailPrompt({
         message: 'Your email address:',
         validate: (v) => v.includes('@') || 'Enter a valid email',
       });
@@ -216,7 +220,7 @@ export async function resolveAccess(allowFlag) {
       return { include: [org.trim()], includeType: 'github_org' };
     }
     case 'emails': {
-      const emails = await input({
+      const emails = await emailPrompt({
         message: 'Email addresses (comma-separated):',
         validate: (v) => v.includes('@') || 'Enter at least one email',
       });